The present disclosure relates to network protocol handshakes used to establish network connections while providing protection against denial-of-service attacks.
Network protocol handshakes have been modified to help prevent denial-of-service attacks. Typically, the initiator sends an initial request in the handshake, such as a synchronization (SYN) packet in TCP/IP (Transmission Control Protocol over Internet Protocol), and the responder sends back a cookie, which is a piece of data (e.g., text data) stored at the initiator and used to maintain information. The cookie is generated such that the responder need not maintain per-initiator state (e.g., allocation of resources such as memory) after responding to the initial request. The cookie is typically generated by combining information such as the approximate current time (e.g., to the nearest minute), a secret known only to the responder, and the IP address from which the initial request came, and then protecting that combination using a one-way hash function.
The initiator receives the cookie and sends it back with the next part of the handshake. This can protect against several forms of denial-of-service attack, such as sending large numbers of startup messages (which create state in the receiver) from forged source addresses, or sending more startup messages than the attacker has the capacity to actually receive and process.
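The stateless cookie scheme described above, as an added illustration that is not part of the disclosure: the responder derives a cookie from a one-minute time slot, its own secret, and the initiator's address and ports, keeps no per-initiator state, and later accepts the cookie only if it verifies for the current or the immediately preceding slot. The HMAC-SHA256 construction, the 24-bit tag, the 32-bit layout, and the secret and addresses are constructed assumptions for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

SLOT_SECONDS = 60  # time is rounded to the nearest minute, as in the text
SERVER_SECRET = b"constructed-demo-secret"  # constructed; a real responder uses random bytes


def _tag(secret: bytes, src_ip: str, src_port: int, dst_port: int, slot: int) -> bytes:
    """24-bit keyed hash over (source address, ports, time slot).

    A keyed one-way function means an initiator that never saw the secret
    cannot forge a cookie for an address it does not control.
    """
    msg = ipaddress.ip_address(src_ip).packed + struct.pack("!HHI", src_port, dst_port, slot)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:3]


def make_cookie(secret: bytes, src_ip: str, src_port: int, dst_port: int, now: float) -> int:
    """Build a 32-bit cookie: 8 low bits of the slot counter + 24-bit tag.

    The responder stores nothing; everything needed to verify is either in
    the cookie itself or recomputable from the returning packet.
    """
    slot = int(now) // SLOT_SECONDS
    tag = int.from_bytes(_tag(secret, src_ip, src_port, dst_port, slot), "big")
    return ((slot & 0xFF) << 24) | tag


def verify_cookie(secret: bytes, cookie: int, src_ip: str, src_port: int,
                  dst_port: int, now: float, max_age_slots: int = 1) -> bool:
    """Accept the cookie only if it matches the current or a recent slot.

    The slot bits in the cookie select which recent slot to recompute; the
    tag is compared in constant time. A cookie from a forged source address
    fails because the address is part of the hashed input.
    """
    slot_now = int(now) // SLOT_SECONDS
    got_tag = (cookie & 0xFFFFFF).to_bytes(3, "big")
    for age in range(max_age_slots + 1):
        slot = slot_now - age
        if (slot & 0xFF) != (cookie >> 24):
            continue  # cookie was not issued in this slot
        expected = _tag(secret, src_ip, src_port, dst_port, slot)
        if hmac.compare_digest(expected, got_tag):
            return True
    return False
```

The window of two slots lets a legitimate initiator that replies just after a minute boundary still complete the handshake, while a cookie captured and replayed minutes later is rejected.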